Our program does not use Java, but the 3rd-party copy protection software company we use within Fire Studio (SoftwareKey) used Java in previous versions of their software. I contacted the company and received this response:
From SoftwareKey:
A vulnerability impacting Apache Log4j 2 versions 2.0 to 2.14.1 was disclosed on GitHub on 9 December 2021 and registered as CVE-2021-44228 with the highest severity rating. Log4j is an open-source, Java-based logging utility widely used by enterprise applications and cloud services. By utilizing this vulnerability, a remote attacker could take control of the affected system.
We are aware of this vulnerability and have completed verification that we do not utilize the log4j library in SOLO Server or in our licensing clients, and therefore SoftwareKey and SOLO Server accounts are not impacted by this vulnerability.
Thankfully, this is not an issue for Fire Studio.
Apache Log4j - Fire Studio Not Affected
Rich Merritt
- Updated